Any targeted attack is likely to succeed given the (apparent) money and talent behind Stuxnet. Many of the exploits were zero-day anyway; I see no reason why they couldn't have used zero-day linux exploits instead.

I do agree, though, Windows is a desktop machine OS and has a vastly larger exploitation surface area.

I do not think that's true. It obviously took a serious amount of time, money, and testing to implement stuxnet. Double the cost and risk might still be do-able. 10X the cost and risk might not.

The level of defense - in this case an air gap - raised cost and risk. That added back bag job to plant the infection, or a bribed operator to the cost and risk. If the SCADA software ran in a VM as a guest OS, and booted from read-only media, stuxnet might not have taken hold, and the bribed operator might have been discovered by forensics on isolated infected systems.

At some point the cost and/or risk exceeds the value of the target or a reasonable threshold for the chance of success. Even when you have infinite money, you don't have infinite time or infinite risk tolerance.

"I see no reason why they couldn't have used zero-day linux exploits instead"

Selinux / apparmor, lxc (or similar), better aslr, daemons usually defaulting to separate users, many other things... There are many security layers so trivial to apply these days that it's really a failure not to. Sure - you can still find zero-days (or may be already sitting on a pile of them), but I get an impression that it's much harder to take over the whole system these days if anyone spent a couple of minutes just to tweak the defaults.